
Am I infected?


14 replies to this topic

#1 sweetpea771

sweetpea771

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Idaho
  • Local time:05:53 AM

Posted 09 May 2014 - 04:24 PM

Well, to start off with my notebook is running real slow and takes forever to load pages.

 

I have cleared to files/disks, done a defrag which never completed because it was taking too long. I have also added Avast! to the computer. Nothing showed up when I ran the scan. Please help me figure out if I am infected and how to speed things up.

 

This is an ACER Aspire one and is running Windows 7, I believe. I thank you for any help you can give me and as soon as you can. I got the computer from my mother, who said she didn't use it for almost a year because it was too slow.

 

Thank you.




 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:53 PM

Posted 09 May 2014 - 05:44 PM

Hi sweetpea771

These would be the first obvious steps:

Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 2
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
  • Click Finish
  • If you are notified the Database is out of date click Update Now

  • Click Scan Now >>
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

(Copy to clipboard for pasting into forum replies)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab >> Application Logs.

  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

  • Paste the contents of the clipboard into your reply.
Step 3
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
In your next reply, please submit:
JRT.txt
AdwCleaner report
MBAM scan report

and let me know if things are any faster now.


Thanks.



#3 sweetpea771

sweetpea771
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Idaho
  • Local time:05:53 AM

Posted 11 May 2014 - 04:36 PM

It just comes up with a c:/ Windows/system/cmd.exe and I didn't find the JRT.exe



#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:53 PM

Posted 11 May 2014 - 04:42 PM

Hi sweetpea771

It just comes up with a c:/ Windows/system/cmd.exe

Sorry but i need more to go on than that.
What comes up with c:/ Windows/system/cmd.exe ?
What steps have you run so far?

and i didn't find the JRT.exe

Did you download it ok?
What location was it saved in?



#5 sweetpea771

sweetpea771
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Idaho
  • Local time:05:53 AM

Posted 11 May 2014 - 04:53 PM

I got the file now but it still comes up with a black box c:/windows/system/cmd.exe, is that the scan?



#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:53 PM

Posted 11 May 2014 - 05:07 PM

I got the file now but it still comes up with a black box c:/windows/system/cmd.exe, is that the scan?

That box will come up first.
Then you may have a box come up that asks do you want to allow this program
Click on yes
another box will open... click any key on the keyboard to continue.



#7 sweetpea771

sweetpea771
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Idaho
  • Local time:05:53 AM

Posted 18 May 2014 - 04:13 PM

This is what I got after I ran a second time after reboot.

 

# AdwCleaner v3.209 - Report created 18/05/2014 at 14:07:35
# Updated 18/05/2014 by Xplode
# Operating System : Windows 7 Starter  (32 bits)
# Username : Connie - CONNIE-PC
# Running from : C:\Users\Connie\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

-\\ Mozilla Firefox v7.0.1 (en-US)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [14610 octets] - [18/05/2014 13:49:04]
AdwCleaner[R1].txt - [603 octets] - [18/05/2014 14:07:35]
AdwCleaner[S0].txt - [14117 octets] - [18/05/2014 13:52:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [723 octets] ##########



#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:53 PM

Posted 18 May 2014 - 04:20 PM

What about the reports from:
Junkware Removal Tool
and
Malwarebytes Anti-Malware Free?



#9 sweetpea771

sweetpea771
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Idaho
  • Local time:05:53 AM

Posted 19 May 2014 - 02:55 AM

# AdwCleaner v3.209 - Report created 18/05/2014 at 13:52:51
# Updated 18/05/2014 by Xplode
# Operating System : Windows 7 Starter (32 bits)
# Username : Connie - CONNIE-PC
# Running from : C:\Users\Connie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : PirritDesktop

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\iWin
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\System Speedup
Folder Deleted : C:\Program Files\WinRST
Folder Deleted : C:\Windows\system32\BrowserProtect
Folder Deleted : C:\Users\Connie\AppData\Local\Conduit
Folder Deleted : C:\Users\Connie\AppData\Local\Giant Savings Extension
Folder Deleted : C:\Users\Connie\AppData\Local\iWin
Folder Deleted : C:\Users\Connie\AppData\Local\PirritSuggestor
Folder Deleted : C:\Users\Connie\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Connie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Connie\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Connie\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Connie\AppData\LocalLow\iWin
Folder Deleted : C:\Users\Connie\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Connie\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Connie\AppData\Roaming\iWin
Folder Deleted : C:\Users\Connie\AppData\Roaming\System Speedup
Folder Deleted : C:\Users\Connie\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Public\Documents\iWin
File Deleted : C:\Windows\system32\conduitEngine.tmp
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Windows\System32\Tasks\paretologic update version3

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\halffneccaebicfdfajnbfgpglahfgoe
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FF931D1-F00F-4587-BBBD-E79E727F6237}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FF931D1-F00F-4587-BBBD-E79E727F6237}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70AFFAFD-1143-4635-8E40-D5BA607619AA}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKCU\Software\f55df8fb769e510
Key Deleted : HKLM\SOFTWARE\f55df8fb769e510
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021810.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021810.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021810.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021810.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1678857
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\System Speedup
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\iWin
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings Extension
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\iWin
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Pirrit
Key Deleted : HKLM\Software\System Speedup
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\iWin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWin Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v7.0.1 (en-US)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [14610 octets] - [18/05/2014 13:49:04]
AdwCleaner[S0].txt - [13975 octets] - [18/05/2014 13:52:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14036 octets] ##########

 

 

This is the only thing that I can print from Malwarebytes; it won't let me copy and paste from the other log. It's like the page is too large for the screen because I can't push the save to clipboard button.

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 5/18/2014 1:52:41 PM, SYSTEM, CONNIE-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 5/18/2014 2:16:59 PM, SYSTEM, CONNIE-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.18.8,
Protection, 5/18/2014 2:46:08 PM, SYSTEM, CONNIE-PC, Protection, Malware Protection, Starting,
Protection, 5/18/2014 2:46:46 PM, SYSTEM, CONNIE-PC, Protection, Malware Protection, Started,
Protection, 5/18/2014 2:46:47 PM, SYSTEM, CONNIE-PC, Protection, Malicious Website Protection, Starting,
Protection, 5/18/2014 3:16:13 PM, SYSTEM, CONNIE-PC, Protection, Malware Protection, Starting,
Protection, 5/18/2014 3:16:18 PM, SYSTEM, CONNIE-PC, Protection, Malware Protection, Started,
Protection, 5/18/2014 3:16:22 PM, SYSTEM, CONNIE-PC, Protection, Malicious Website Protection, Starting,
Protection, 5/18/2014 3:45:24 PM, SYSTEM, CONNIE-PC, Protection, Malicious Website Protection, Started,
Detection, 5/18/2014 3:49:50 PM, Connie, CONNIE-PC, Protection, Malware Protection, File, PUP.Optional.Conduit.A, C:\Users\Connie\AppData\Local\Temp\dlLogic.exe, Quarantine, [2cb469e95f1cd066efc369d9837d27d9]
Detection, 5/18/2014 3:50:03 PM, Connie, CONNIE-PC, Protection, Malware Protection, File, PUP.Optional.Conduit.A, C:\Users\Connie\AppData\Local\Temp\dlLogic.exe, Quarantine, [459b0d453348e254961c60e254ac54ac]
Protection, 5/18/2014 3:50:46 PM, SYSTEM, CONNIE-PC, Protection, DeleteFile, 2, Failed, C:\Users\Connie\AppData\Local\Temp\dlLogic.exe,
Error, 5/18/2014 3:50:46 PM, SYSTEM, CONNIE-PC, Protection, DeleteFile, 2, Failed, C:\Users\Connie\AppData\Local\Temp\dlLogic.exe,
Detection, 5/18/2014 3:51:17 PM, SYSTEM, CONNIE-PC, Protection, Malware Protection, File, PUP.Optional.Conduit.A, C:\Users\Connie\AppData\Local\Temp\verifier.exe, Quarantine, [24bcb39fd6a52f079c17053d7c847789]
Detection, 5/18/2014 3:51:18 PM, SYSTEM, CONNIE-PC, Protection, Malware Protection, File, PUP.Optional.Conduit.A, C:\Users\Connie\AppData\Local\Temp\verifier.exe, Quarantine, [24bcb39fd6a52f079c17053d7c847789]
Protection, 5/18/2014 3:51:25 PM, SYSTEM, CONNIE-PC, Protection, SetFileAttributes, 2, Failed, C:\Users\Connie\AppData\Local\Temp\verifier.exe,
Error, 5/18/2014 3:51:25 PM, SYSTEM, CONNIE-PC, Protection, SetFileAttributes, 2, Failed, C:\Users\Connie\AppData\Local\Temp\verifier.exe,
Update, 5/18/2014 4:35:24 PM, SYSTEM, CONNIE-PC, Scheduler, Malware Database, 2014.5.18.8, 2014.5.18.9,
Protection, 5/18/2014 4:35:37 PM, SYSTEM, CONNIE-PC, Protection, Refresh, Starting,
Protection, 5/18/2014 4:37:11 PM, SYSTEM, CONNIE-PC, Protection, Malicious Website Protection, Stopping,
Protection, 5/18/2014 4:37:27 PM, SYSTEM, CONNIE-PC, Protection, Malicious Website Protection, Stopped,
Protection, 5/18/2014 4:40:49 PM, SYSTEM, CONNIE-PC, Protection, Refresh, Success,
Protection, 5/18/2014 4:40:51 PM, SYSTEM, CONNIE-PC, Protection, Malicious Website Protection, Starting,
Protection, 5/18/2014 4:42:24 PM, SYSTEM, CONNIE-PC, Protection, Malicious Website Protection, Started,

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows 7 Starter x86

Ran by Connie on Sun 05/18/2014 at 20:20:29.33

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

~~~ Services

 

 

~~~ Registry Values

 

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1301439306-3779747852-301319512-1000\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181110}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\The Price Is Right-WT_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\The Price Is Right-WT_RASMANCS

 

 

~~~ Files

 

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\epicplay"

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 05/18/2014 at 22:49:57.52

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
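
The Malwarebytes protection log in post #9 interleaves update, protection, detection and error records. As an added example (not part of the thread and not Malwarebytes' own code), this Python script groups detections by file and flags files where a later cleanup action failed. The field layout is inferred from the lines posted above; the sample lines, host name, user name, paths and quarantine ids are constructed.

```python
from datetime import datetime

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"

# Constructed sample in the same comma-separated layout as the log in post #9.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware
Update, 5/18/2014 2:16:59 PM, SYSTEM, EXAMPLE-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.18.8,
Protection, 5/18/2014 2:46:46 PM, SYSTEM, EXAMPLE-PC, Protection, Malware Protection, Started,
Detection, 5/18/2014 3:49:50 PM, User, EXAMPLE-PC, Protection, Malware Protection, File, PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\sample_a.exe, Quarantine, [id-0001]
Detection, 5/18/2014 3:50:03 PM, User, EXAMPLE-PC, Protection, Malware Protection, File, PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\sample_a.exe, Quarantine, [id-0002]
Protection, 5/18/2014 3:50:46 PM, SYSTEM, EXAMPLE-PC, Protection, DeleteFile, 2, Failed, C:\Users\User\AppData\Local\Temp\sample_a.exe,
Error, 5/18/2014 3:50:46 PM, SYSTEM, EXAMPLE-PC, Protection, DeleteFile, 2, Failed, C:\Users\User\AppData\Local\Temp\sample_a.exe,
Detection, 5/18/2014 3:51:17 PM, SYSTEM, EXAMPLE-PC, Protection, Malware Protection, File, PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\sample_b.exe, Quarantine, [id-0003]
Protection, 5/18/2014 4:42:24 PM, SYSTEM, EXAMPLE-PC, Protection, Malicious Website Protection, Started,
(end)
"""


def parse_line(line):
    """Split one log line into header fields (kind, time, user, host) and the rest.

    Assumes fields are separated by ", " and that paths contain no ", " themselves.
    """
    fields = [f.strip() for f in line.strip().rstrip(",").split(", ")]
    if len(fields) < 5:
        return None  # banner lines, blank lines, "(end)"
    try:
        when = datetime.strptime(fields[1], TS_FORMAT)
    except ValueError:
        return None
    return {"kind": fields[0], "time": when, "user": fields[2],
            "host": fields[3], "rest": fields[4:]}


def _entry(report, path):
    # Windows paths are case-insensitive, so key on the lowercased path.
    return report.setdefault(path.lower(), {
        "path": path, "threats": set(), "actions": set(),
        "detections": 0, "first_seen": None, "failures": [],
    })


def triage(log_text):
    """Return {lowercased path: summary} built from Detection and Failed records."""
    report, seen_failures = {}, set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rest = rec["rest"]
        if rec["kind"] == "Detection" and len(rest) >= 6:
            # rest: module, component, object type, threat name, path, action, [id]
            entry = _entry(report, rest[4])
            entry["threats"].add(rest[3])
            entry["actions"].add(rest[5])
            entry["detections"] += 1
            if entry["first_seen"] is None or rec["time"] < entry["first_seen"]:
                entry["first_seen"] = rec["time"]
        elif (rec["kind"] in ("Protection", "Error")
              and len(rest) >= 5 and rest[3] == "Failed"):
            # rest: module, operation, code, "Failed", path
            op, code, path = rest[1], rest[2], rest[4]
            marker = (rec["time"], op, code, path.lower())
            if marker in seen_failures:
                continue  # the same failure is logged as both Protection and Error
            seen_failures.add(marker)
            # Assumption: the numeric field is a Win32 error code. If so, 2 is
            # ERROR_FILE_NOT_FOUND, i.e. the file was already gone at cleanup time.
            _entry(report, path)["failures"].append(
                (op, int(code) if code.isdigit() else code))
    return report


def needs_follow_up(report):
    """Paths that were detected and then had a failed file operation."""
    return sorted(e["path"] for e in report.values()
                  if e["detections"] and e["failures"])


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for item in summary.values():
        print(item["path"], item["detections"], sorted(item["threats"]),
              item["failures"])
    print("Re-check after reboot:", needs_follow_up(summary))
```

A file listed by `needs_follow_up` is worth confirming as absent, or as present in quarantine, after the restart the tool asks for.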



#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:53 PM

Posted 19 May 2014 - 10:43 AM

Hi sweetpea771

That's more like it..... more or less what I expected to see.
A lot of Adware has now been removed.
Did you run the TFC program? (Post #2, Step 3)
How is the system behaving now?

Something else i'd like to check:

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please copy and paste the contents of that document in your next reply.
Thanks

Edited by Starbuck, 19 May 2014 - 10:46 AM.



#11 sweetpea771

sweetpea771
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Idaho
  • Local time:05:53 AM

Posted 20 May 2014 - 12:24 AM

I did run TFC and it is a little faster however, when I log in to the normal way, Internet explorer is slow to load and freezes still. I am downloading system check program next. Just wanted to let you know this. Thank you



#12 sweetpea771

sweetpea771
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Idaho
  • Local time:05:53 AM

Posted 20 May 2014 - 12:28 AM

 Results of screen317's Security Check version 0.99.83 
 Windows 7  x86 (UAC is disabled!) 
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Microsoft Security Essentials  
avast! Antivirus               
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spyware Doctor with AntiVirus 8.0
 WinCleaner Applications   
 Java™ 6 Update 30 
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````



#13 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:53 PM

Posted 20 May 2014 - 01:13 AM

Hi sweetpea771

The security check has highlighted some problems.

Step 1
It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove 2 of the following:
Microsoft Security Essentials
avast! Antivirus
Spyware Doctor with AntiVirus 8.0



Step 2

Windows 7 x86 (UAC is disabled!)
Out of date service pack!!

This is quite serious, you need to get the windows updates for your system.

You should use Internet Explorer for this.
Click ...Start ... All Programs ... Windows Updates.
Let it check your system for any updates.
When the list comes up.... click on Express Install, to install the updates.
It may ask you to reboot your system when it finishes.
When completed... go back and check for more updates, keep doing this until it says there are no available updates for your system.
It may not give them all to you the first time.

Note: Please do not have any other programs running or use your pc whilst downloading the updates.

I recommend you also turn on your automatic updates so that you don't miss any updates in the future:
  • Open Windows Update by clicking the Start >> All Programs >> Windows Update.
  • In the left pane, click Change settings.
  • Choose the option that you want.
    Install Updates Automatically (Recommended)
    Download Updates but let me choose whether to install them
    Download Updates but let me choose whether to download and install them
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates check box, and then click OK.
Administrator permission required: If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Step 3
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 5".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x86' offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on downloaded icon to install the newest version.
Let me know how these steps go.

Thanks



#14 sweetpea771

sweetpea771
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Idaho
  • Local time:05:53 AM

Posted 20 May 2014 - 09:03 AM

When I go to uninstall Spyware Dr., an error message comes up and says that a file is missing and to correct the problem or obtain a new copy. What can I do to correct the problem?



#15 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:01:53 PM

Posted 20 May 2014 - 11:43 AM

The program may have become corrupt or it may be that a previous uninstall has left some entries behind.

Try using Revo Uninstaller:
30-day fully functional free trial

Download Revo Uninstaller and save it to your Desktop.
Right click on the downloaded icon and select Run as Administrator.
When the install finishes, Revo should open.
On the default screen ....Click on Spyware Doctor with AntiVirus 8.0 to select it and then click on the Uninstall Tab at the top.
If Revo encounters the same sort of problem... try again, but this time click on the Forced Uninstall tab.
When the next box opens, select the Advanced Mode (at the top)
In the Programs exact name box, type:
Spyware Doctor with AntiVirus 8.0
Then click Next.
If the program is found, click Next again.
Once removed, if Revo gives the option to Scan for leftover files.... let it.
